Facebook on Wednesday pulled its VPN service Onavo Protect from the iOS App Store after Apple found the app in violation of newly implemented privacy policies.

Citing sources familiar with the matter, The Wall Street Journal reports Apple earlier this month informed Facebook that Onavo Protect was in violation of App Store policies implemented in June.

Specifically, the software ran afoul of data collection restrictions and parts of the iPhone maker's developer agreement covering customer data usage. Referring to the latter, Apple said Onavo Protect used data for purposes not directly related to app functionality or for serving up advertising to users.

Available as a free download, Onavo's app allowed users to create a virtual private network that routes internet browser traffic to Facebook servers for filtering out malicious content. The app is advertised as a consumer protection tool that blocks "potentially harmful websites" and secures personal information when utilizing web browsers like Safari.

Onavo Protect's FAQ webpage notes, "Onavo Protect blocks online threats when browsing the web using your iPhone or iPad. To function properly, you need to successfully install a profile during the first launch of the app, which in turns sets up a VPN on the device."

More importantly for Facebook, Onavo granted free access to its users' internet activity, invaluable information for firms keen on sniffing out consumer sentiment. According to The Journal, data from Onavo was used to bolster Facebook's product and acquisition strategy, and helped inform industry moves including the purchase of WhatsApp and a venture into live video.

Representatives from Apple and Facebook discussed the privacy issue in a series of meetings last week, at least one of which was held at Apple Park, the report said. Upon Apple's suggestion, Facebook agreed to pull Onavo Protect from the App Store.

"We work hard to protect user privacy and data security throughout the Apple ecosystem," Apple said in a statement to TechCrunch. "With the latest update to our guidelines, we made it explicitly clear that apps should not collect information about which other apps are installed on a user's device for the purposes of analytics or advertising/marketing and must make it clear what user data will be collected and how it will be used."

The takedown does not affect users who already downloaded the app, which will continue to function normally. Due to the takedown, however, Facebook will be unable to push out updates for the title on iOS.

Onavo Protect remains available for Android via the Google Play Store.

Updated with statement from Apple.

Comments

I’m not sure which is more laughable - the fact that facebook would claim to help you “secure personal information,” or the fact that there are people that would trust them to do it. Facebook has as much interest in protecting your personal information as a Russian hacker has in protecting your passwords.

I’m not sure which is more laughable - the fact that facebook would claim to help you “secure personal information,” or the fact that there are people that would trust them to do it. Facebook has as much interest in protecting your personal information as a Russian hacker has in protecting your passwords.

I think the problem is lack of transparency in what was being collected and how. Most people probably assume the collection of data is limited to email address and other things they affirmatively provide, and not browsing habits, location, etc.

I’m not sure which is more laughable - the fact that facebook would claim to help you “secure personal information,” or the fact that there are people that would trust them to do it. Facebook has as much interest in protecting your personal information as a Russian hacker has in protecting your passwords.

I think the problem is lack of transparency in what was being collected and how. Most people probably assume the collection of data is limited to email address and other things they affirmatively provide, and not browsing habits, location, etc.

I’m not sure which is more laughable - the fact that facebook would claim to help you “secure personal information,” or the fact that there are people that would trust them to do it. Facebook has as much interest in protecting your personal information as a Russian hacker has in protecting your passwords.

I think the problem is lack of transparency in what was being collected and how. Most people probably assume the collection of data is limited to email address and other things they affirmatively provide, and not browsing habits, location, etc.

The problem is, by definition, anyone who is using VPN software is by definition concerned about security and using it to prevent snooping and tracking of activity. The fact that this software created a VPN specifically to allow Facebook to snoop on your activity is beyond 'lack of transparency,' it's outright deceit and would qualify as malware in many respects.

I’m not sure which is more laughable - the fact that facebook would claim to help you “secure personal information,” or the fact that there are people that would trust them to do it. Facebook has as much interest in protecting your personal information as a Russian hacker has in protecting your passwords.

I think the problem is lack of transparency in what was being collected and how. Most people probably assume the collection of data is limited to email address and other things they affirmatively provide, and not browsing habits, location, etc.

Except it's FACEBOOK. The people who would data-mine your soul and sell it to the highest bidder if they could. Of course they would use it to mine any data they possibly could. The idea of a FaceBook VPN is as absurd as a paper mache submarine.

Surprised it was rated so high, and especially as they were saying right up front what they were doing in the app description. "... As part of this process, Onavo collects your mobile data traffic. This helps us improve and operate the Onavo service by analyzing your use of websites, apps and data. Because we're part of Facebook, we also use this info to improve Facebook products and services, gain insights into the products and services people value, and build better experiences."

Still Apple approved it.

Reviewer "SprayPaintedGold" nailed it back in April:"Facebook is quite afraid of losing dominance in the publishing, data mining, and advertising business. They bought Onavo for one purpose: to identify popular app and web trends early to give Facebook a chance to buy popular companies or steal their popular features. As a user of this app, ALL of your web and app traffic will be analyzed by Facebook for this purpose.

Is the trade off worth it to use a free VPN? The only ‘protection’ this app offers is to obscure your unencrypted internet traffic from your ISP and other users on shared WiFi. Very few websites transmit logins, tokens, or keys unencrypted these days and the next WiFi standard will prevent users of the same access point from seeing each other’s traffic. iOS already offers fraudulent website warnings which makes the last feature of this app an unnecessary duplication.

Apple should change their developer agreement to ban the sort of data collection this app pursues."